Microsoft Patch Tuesday March 2021 fixes 82 vulnerabilities, including 2 zero-days

Patch Tuesday

With cybersecurity threats on the rise thanks to the pandemic, it’s essential to understand the importance of Patch Tuesday releases, and find ways to deploy them to remote endpoints efficiently.

This Patch Tuesday, Microsoft has released fixes for 82 vulnerabilities, among which 10 are classified as Critical, and 72 as Important. Along with these vulnerabilities, Microsoft also released fixes for two publicly-disclosed and actively exploited zero-day vulnerabilities. This March has been undeniably hard for IT admins, as around 40 vulnerabilities for Microsoft Exchange and Chromium Edge were also released earlier this month.

A lineup of significant updates

Microsoft security updates have been released for:

  • Microsoft Windows
  • Microsoft Office
  • Microsoft Windows Codecs Library
  • Visual Studio
  • Internet Explorer
  • Microsoft Edge on Chromium
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Power BI

Publicly-disclosed and actively exploited zero-days

This month, Microsoft fixed the zero-day vulnerabilities below:

Shedding some light on this month’s critical updates

Listed below are the Critical vulnerabilities reported in this month’s Patch Tuesday:

Product

CVE Title

CVE ID

Azure SphereAzure Sphere Unsigned Code Execution VulnerabilityCVE-2021-27074
Azure SphereAzure Sphere Unsigned Code Execution VulnerabilityCVE-2021-27080
Internet ExplorerInternet Explorer Memory Corruption VulnerabilityCVE-2021-26411
Microsoft Exchange ServerMicrosoft Exchange Server Remote Code Execution VulnerabilityCVE-2021-26412
Microsoft Exchange ServerMicrosoft Exchange Server Remote Code Execution VulnerabilityCVE-2021-27065
Microsoft Exchange ServerMicrosoft Exchange Server Remote Code Execution VulnerabilityCVE-2021-26857
Microsoft Exchange ServerMicrosoft Exchange Server Remote Code Execution VulnerabilityCVE-2021-26855
Microsoft Graphics ComponentOpenType Font Parsing Remote Code Execution VulnerabilityCVE-2021-26876
Microsoft Windows Codecs LibraryHEVC Video Extensions Remote Code Execution VulnerabilityCVE-2021-24089
Microsoft Windows Codecs LibraryHEVC Video Extensions Remote Code Execution VulnerabilityCVE-2021-27061
Microsoft Windows Codecs LibraryHEVC Video Extensions Remote Code Execution VulnerabilityCVE-2021-26902
Role: DNS ServerWindows DNS Server Remote Code Execution VulnerabilityCVE-2021-26897
Role: Hyper-VWindows Hyper-V Remote Code Execution VulnerabilityCVE-2021-26867
Visual StudioGit for Visual Studio Remote Code Execution VulnerabilityCVE-2021-21300

Third-party updates released this month

Coinciding with this month’s Patch Tuesday, Android has also released security updates this month. There are also notable security updates from Adobe, Apple, SAP, Cisco, and VMWare.

Here are a few best practices for remote patch management that you can follow in your organization:

  • Prioritize security updates over non-security and optional updates.
  • Download patches directly to endpoints rather than saving them on your server and distributing them to remote locations.
  • Schedule automation tasks specifically for deploying critical patches for timely updates.
  • Plan to set broad deployment windows so critical updates aren’t missed due to unavoidable hindrances.
  • Allow end users to skip deployments to avoid disrupting their productivity.
  • Ensure the machines under your scope aren’t running any end-of-life OSs or applications.
  • Ensure you use a secure gateway server to establish safe connections between your remote endpoints.

With Desktop Central or Patch Manager Plus, you can completely automate the entire process of patch management, from testing patches to deploying them. You can also tailor the patch tasks according to your current situation. For hands-on experience with either of these products, start a 30-day free trial and keep thousands of applications patched and secure.

** Optrics Inc. is a ManageEngine partner


The original article can be found here:

https://blogs.manageengine.com/desktop-mobile/patch-manager-plus/2021/03/10/microsoft-patch-tuesday-march-2021-fixes-82-vulnerabilities-including-2-zero-days.html

Leave a Reply